MDKSA-2004:137

Problem description

The XPM library which is part of the XFree86/XOrg project is used
by several GUI applications to process XPM image files.
A source code review of the XPM library, done by Thomas Biege of the
SuSE Security-Team revealed several different kinds of bugs. These bugs
include integer overflows, out-of-bounds memory access, shell command
execution, path traversal, and endless loops.
These bugs can be exploited by remote and/or local attackers to gain
access to the system or to escalate their local privileges, by using a
specially crafted xpm image.
Updated packages are patched to correct all these issues.